It affects devices running Android 6.0.1 Marshmallow and above / Getty

'This is clearly not a minor threat, but an actual tactic used in the wild'

Security researchers have discovered an unusual Android vulnerability that could affect nearly 40 per cent of users.

It can expose users to malware, by allowing cyber criminals to hijack a phone’s screen.

Google is aware of the threats and says it will address the problem in Android O, the next version of the company’s mobile operating system

Unfortunately, that’s expected to launch later this year, and history suggests it will only end up rolling out to devices in 2018. Even then, there’s no guarantee that a handset running Marshmallow will be able to upgrade to O.

The issue was spotted by security firm Check Point.

It affects devices running Android 6.0.1 Marshmallow and above and, according to Google’s numbers, that means 38.3% of Android users are vulnerable.

The problem stems from a new permission model for apps introduced in Android 6.0 Marshmallow.

Through the Settings menu, users were required to manually grant permission to any apps designed to display their content over another app, such as Facebook Messenger’s chat heads. 

Google deliberately made the process relatively long-winded, as the company knew of the associated privacy risks. Users had to open Settings, and then select Apps and Draw over other apps, in order to grant the permission.

The steps proved too difficult for some, and Google responded by introducing a patch in Android 6.0.1 that removed the process altogether.

“This entails a significant potential for several malicious techniques, such as displaying fraudulent ads, phishing scams, click-jacking, and overlay windows, which are common with banking Trojans,” says Check Point. 

“It can also be used by ransomware to create a persistent on-top screen that will prevent non-technical users from accessing their devices. According to our findings, 74% of ransomware, 57% of adware, and 14% of banker malware abuse this permission as part of their operation. 

“This is clearly not a minor threat, but an actual tactic used in the wild.”

Google’s Play Store uses software called Bouncer to scan apps for malware, but it's not unusual for an infected program to make it through.

Users should be selective about the apps they download and steer well clear of third-party Android app stores, which tend to be packed with dodgy software.

Comments